Google AppEngine with Service Account but invalid Credentials

Question

I have tried to get a group settings with group settings API using Google App Engine 1.7.5 with python 2.5 following a simple example here. this is my app.yaml:

application: {{APP_ID}}
version: 1
runtime: python
api_version: 1

handlers:
- url: /.*
  script: main.py

and my main.py is like following:

def main():
    application = webapp.WSGIApplication([('/', TestHandler)])
    run_wsgi_app(application)

class TestHandler(webapp.RequestHandler):
    """Handles a request for the query page."""
    def get(self):
        self.response.out.write(Test())

def Test():
    credentials = AppAssertionCredentials(scope='https://www.googleapis.com/auth/apps.groups.settings')
    http = credentials.authorize(httplib2.Http(memcache))
    service = build('groupssettings', 'v1', http=http)
    group = service.groups().get(groupUniqueId='{{GROUP_ID}}').execute()
    logging.error(group)

if __name__=="__main__":
    main()

and this is the stacktrace telling me invalid credentials!

Traceback (most recent call last):
  File "C:\Program Files (x86)\Google\google_appengine\google\appengine\ext\webapp\_webapp25.py", line 714, in __call__
    handler.get(*groups)
  File "D:\Projets\GS\main.py", line 26, in get
    self.response.out.write(Test())
  File "D:\Projets\GS\main.py", line 41, in Test
    group = service.groups().get(groupUniqueId='{{GROUP_ID}}').execute()
  File "D:\Projets\GS\oauth2client\util.py", line 132, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "D:\Projets\GS\apiclient\http.py", line 723, in execute
    raise HttpError(resp, content, uri=self.uri)
HttpError: <HttpError 401 when requesting https://www.googleapis.com/groups/v1/groups/{{GROUP_ID}}?alt=json returned "Invalid Credentials">
INFO     2014-11-21 15:51:45,423 dev_appserver.py:3104] "GET / HTTP/1.1" 500 -
INFO     2014-11-21 15:51:45,611 dev_appserver.py:3104] "GET /favicon.ico HTTP/1.1" 404 -

Have anyone got this error before or have an idea of the root cause?

Answer 1

Have you turned on access to the groups API through the developer console for the project? This is a simple step that is often missed by people trying to get APIs going.

Also, I'd recommend using the decorator patterns for OAuth as described here to simplify the reasoning around authorization flows.

In addition, your app.yaml should specify python27 rather than just python. App Engine runs python27.